lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAG48ez1R_F-Oxz++sQ0dGTqZKHCyKazVEKZTTAutQbSuohXXnw@mail.gmail.com>
Date:   Tue, 11 Aug 2020 01:38:47 +0200
From:   Jann Horn <jannh@...gle.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Peter Xu <peterx@...hat.com>, Linux-MM <linux-mm@...ck.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Marty Mcfadden <mcfadden8@...l.gov>,
        Andrea Arcangeli <aarcange@...hat.com>,
        Christoph Hellwig <hch@....de>,
        Oleg Nesterov <oleg@...hat.com>,
        Kirill Shutemov <kirill@...temov.name>, Jan Kara <jack@...e.cz>
Subject: Re: [PATCH v2] mm/gup: Allow real explicit breaking of COW

On Tue, Aug 11, 2020 at 1:19 AM Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
> On Mon, Aug 10, 2020 at 2:57 PM Peter Xu <peterx@...hat.com> wrote:
> >
> > Yeah, that's why I totally agree we need to do enforced COW even for a read gup
> > as long as the page can be further referenced (GET|PIN).  However frankly
> > speaking I didn't follow the rest on what's wrong with "Userfaultfd-wp should
> > not care about this because it's not a write operation" that I mentiond.  Is
> > that the major part of the objection?
>
> You didn't _explain_ why it's ok.
>
> You said "it's only reading".
>
> And I told you why "only reading" is not an argument against COW.

The way I understand Peter, he doesn't want to avoid doing COW; he
wants to decouple userfaultfd-WP's fault handling from COW, so that
userfaultfd-wp notifies only when a previously-write-protected page is
actually written to. In other words, he wants the COW to basically
happen as it happens now, but it should only create a readonly PTE;
and if someone later triggers a real write fault, the fault handling
path would run again, and this time userfaultfd-wp would be notified
before that readonly PTE is turned into a writable one.

The FOLL flag would only be generated by the GUP path, not passed in
by any callers. It would cause the PTEs generated by breaking COW to
be read-only (I think this part is missing from the patch?), and it
would cause userfaultfd-WP to not synchronously block the fault.

I hope I summarized Peter's idea correctly?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ